Critical Vulnerability Found in Grandstream VoIP Phones

Critical Vulnerability Found in Grandstream VoIP Phones

Posted on By CWS

A critical zero-day vulnerability, identified as CVE-2026-2329, has been discovered in Grandstream’s GXP1600 series VoIP desk phones. This issue allows remote attackers to execute root-level code on affected devices.

Understanding the Vulnerability

The vulnerability stems from an unauthenticated stack-based buffer overflow present in the phones’ firmware, which affects all six models within the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630. The flaw, rated as critical by Rapid7 with a CVSS v4.0 score of 9.3, is tied to CWE-121, indicating a stack-based buffer overflow vulnerability.

Technical Details of the Exploit

The vulnerability is located within the phone’s web service/API, specifically an API endpoint accessible via HTTP on port 80. Rapid7’s analysis pinpointed the issue at the endpoint /cgi-bin/api.values.get, where an attacker can craft a request that overflows a 64-byte stack buffer due to insufficient boundary checks.

Exploitation is facilitated by a Metasploit module, which targets the GXP1630 model among others, allowing unauthenticated attackers to gain root-level access. The exploit takes advantage of the absence of certain security mitigations, including the lack of stack canaries and position-independent executables (PIE), making the attack feasible and reliable.

Mitigation and Recommendations

In response to the vulnerability, Grandstream has issued firmware version 1.0.7.81 to mitigate the issue. Organizations using affected devices are strongly urged to update to this firmware version immediately to protect against potential exploitation.

The release notes from Grandstream, dated January 30, 2026, confirm that the update addresses several security vulnerabilities, underscoring the importance of applying the patch promptly. This update is crucial in securing the SIP infrastructure and preventing unauthorized call interceptions.

For continued updates on cybersecurity threats and solutions, follow us on Google News, LinkedIn, and X. If you have stories to feature, please contact us.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

H2Miner Attacking Linux, Windows, and Containers to Mine Monero H2Miner Attacking Linux, Windows, and Containers to Mine Monero Cyber Security News
GitHub Copilot and Visual Studio Vulnerabilities Allow Attacker to Bypass Security Feature GitHub Copilot and Visual Studio Vulnerabilities Allow Attacker to Bypass Security Feature Cyber Security News
Top 10 Best Penetration Testing as a Service (PTaaS) Companies in 2025 Top 10 Best Penetration Testing as a Service (PTaaS) Companies in 2025 Cyber Security News
Malicious PyPI AI Tool Steals Data via Trojanized Proxy Malicious PyPI AI Tool Steals Data via Trojanized Proxy Cyber Security News
Key Cybersecurity Vendors to Watch at RSA 2026 Key Cybersecurity Vendors to Watch at RSA 2026 Cyber Security News
Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers Cyber Security News